屏蔽docker镜像暴露的端口

同事新打的docker镜像暴露了6002/tcp端口，实际环境用不到，需要屏蔽暴露的端口。

思路：基于要修改的镜像起一个test容器->关闭docker服务systemctl stop docker->去除容器配置文件中暴露的端口->重启docker服务。

1. 基于要修改的镜像docker run一个测试容器

d6da175c1dc4        bri   "/bin/bash"              24 minutes ago      Up 2 seconds        6002/tcp        test            

2. 关闭docker服务

3. 进入容器目录cd /var/lib/docker/containers/d6da175c1dc4，查看文件清单:

[root@localhost containers]# find *d6da175c1dc4*

d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b

d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/checkpoints

d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/hostconfig.json

d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/config.v2.json

d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/hosts

d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/resolv.conf

d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/resolv.conf.hash

d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/hostname

d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/mounts

d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b-json.log

4. 将config.v2.json文件中的暴露的6002端口去除，保存文档。

5. cat下确保修改成功，而后重启docker服务。

6. 基于当前test容器，用docker commit命令提交一个新的镜像(不再暴露6002端口)。

结束。